CVE-2023-24152

Name of the Vulnerable Software and Affected Versions TOTOLINK T8 version 4.1.5cu

Description A command injection issue exists in the serverIp parameter of the meshSlaveUpdate function, allowing attackers to execute arbitrary commands via a crafted MQTT packet.

Recommendations For TOTOLINK T8 version 4.1.5cu, consider restricting access to the meshSlaveUpdate function until a patch is available. As a temporary workaround, avoid using the serverIp parameter in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.